amazon-support-4rcw.account-security-desk.su
93.157.63.171  Malicious Activity! Public Scan

Submitted URL: https://syscaliber.com/newsletter-nPKnBNwXJ/?rewrite=redirect%2F45f5c90190be8cac80cbe97b2ef7fb1a-id-dTa0YD4-to-update-a...
Effective URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Submission: On February 04 via api from US

Summary

This website contacted 4 IPs in 2 countries across 5 domains to perform 12 HTTP transactions. The main IP is 93.157.63.171, located in Russian Federation and belongs to NFORCE, NL. The main domain is amazon-support-4rcw.account-security-desk.su.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 27th 2020. Valid for: 3 months.
This is the only time amazon-support-4rcw.account-security-desk.su was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Amazon (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 166.62.10.139 26496 (AS-26496-...)
2 3 93.157.63.171 43350 (NFORCE)
9 13.35.250.160 16509 (AMAZON-02)
1 52.218.249.178 16509 (AMAZON-02)
12 4
Domain Requested by
8 images-na.ssl-images-amazon.com amazon-support-4rcw.account-security-desk.su, images-na.ssl-images-amazon.com
3 amazon-support-4rcw.account-security-desk.su 2 redirects
1 m.media-amazon.com amazon-support-4rcw.account-security-desk.su
1 opfcaptcha-prod.s3.amazonaws.com amazon-support-4rcw.account-security-desk.su
1 syscaliber.com 1 redirects
12 5

This site contains no links.

Subject                            Issuer                        Validity                   Valid
*.account-security-desk.su         Let's Encrypt Authority X3    2020-01-27 - 2020-04-26    3 months
Images-na.ssl-images-amazon.com    DigiCert Global CA G2         2019-05-02 - 2020-04-23    a year
*.s3.amazonaws.com                 DigiCert Baltimore CA-2 G2    2019-11-09 - 2021-03-12    a year

This page contains 1 frames:

Primary Page: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Frame ID: 6D1D397573CB0122B91368A232FFBB96
Requests: 12 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 12
HTTPS: 92 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 2
Transfer: 302 kB
Size: 963 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://syscaliber.com/newsletter-nPKnBNwXJ/?rewrite=redirect%2F45f5c90190be8cac80cbe97b2ef7fb1a-id-dTa0YD4-to-update-account HTTP 302
    https://amazon-support-4rcw.account-security-desk.su/?cl=jonathan.cunningham@afbini.gov.uk HTTP 301
    https://amazon-support-4rcw.account-security-desk.su/login/ HTTP 301
    https://amazon-support-4rcw.account-security-desk.su/login/captcha/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource Path    Size    x-fer    Type MIME-Type
Primary Request Cookie set /
amazon-support-4rcw.account-security-desk.su/login/captcha/
Redirect Chain
  • https://syscaliber.com/newsletter-nPKnBNwXJ/?rewrite=redirect%2F45f5c90190be8cac80cbe97b2ef7fb1a-id-dTa0YD4-to-update-account
  • https://amazon-support-4rcw.account-security-desk.su/?cl=jonathan.cunningham@afbini.gov.uk
  • https://amazon-support-4rcw.account-security-desk.su/login/
  • https://amazon-support-4rcw.account-security-desk.su/login/captcha/
18 KB
18 KB
Document
General
Full URL
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
93.157.63.171 , Russian Federation, ASN43350 (NFORCE, NL),
Reverse DNS
bestwwin.com
Software
Apache /
Resource Hash
6ef86d8adf05f6066a14c5c6654c17bfff004aff6a08c96aea0389cad0ebf8f8

Request headers

Host
amazon-support-4rcw.account-security-desk.su
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br
Cookie
AmazonSession=f57775b5cb876d6c8cc331e1661713c8; AmazonSession=f57775b5cb876d6c8cc331e1661713c8; AmazonSession=f57775b5cb876d6c8cc331e1661713c8

Response headers

Date
Tue, 04 Feb 2020 17:28:16 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
AmazonSession=f57775b5cb876d6c8cc331e1661713c8; expires=Wed, 05-Feb-2020 17:28:16 GMT; Max-Age=86400
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Tue, 04 Feb 2020 17:28:16 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
AmazonSession=f57775b5cb876d6c8cc331e1661713c8; expires=Wed, 05-Feb-2020 17:28:16 GMT; Max-Age=86400
Location
/login/captcha/
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
61WWCPB3rAL._RC%7C01evdoiemkL.css,01K+Ps1DeEL.css,314JbT8lsyL.css,01kivkxD60L.css,11UGC+GXOPL.css,21LK7jaicML.css,11L58Qpo0GL.css,21Pd9HarLOL.css,01Xl9KigtzL.css,21ygesff1yL.css,019SHZnt8RL.css,01q...
images-na.ssl-images-amazon.com/images/I/
144 KB
24 KB
Stylesheet
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/61WWCPB3rAL._RC%7C01evdoiemkL.css,01K+Ps1DeEL.css,314JbT8lsyL.css,01kivkxD60L.css,11UGC+GXOPL.css,21LK7jaicML.css,11L58Qpo0GL.css,21Pd9HarLOL.css,01Xl9KigtzL.css,21ygesff1yL.css,019SHZnt8RL.css,01qy9K8SDEL.css,11vZhCgAHbL.css,21uiGhnhrlL.css,11WgRxUdJRL.css,01dU8+SPlFL.css,11iPn24GCWL.css,01SHjPML6tL.css,111-D2qRjiL.css,01QrWuRrZ-L.css,31Wkf2OUteL.css,01WOZ2JFQjL.css,01pVbSC-RPL.css_.css?AUIClients/AmazonUI
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
2a5b585eddd15793da1f4900bfdadf7207229b48b52792a538d1e4284b817119

Request headers

Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 17 Sep 2019 22:05:50 GMT
content-encoding
gzip
age
2137060
edge-cache-tag
x-cache-194,/images/I/61WWCPB3rAL
status
200
x-cache
Hit from cloudfront
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
surrogate-key
x-cache-194 /images/I/61WWCPB3rAL
last-modified
Tue, 26 Sep 2017 19:33:30 GMT
server
Server
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
1d6ef0f5-fd6f-47b5-98a6-c0a9d65e8d07
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
KTHEvJyM0zQeWgyXRpGEkg3bUYQcG8OJp5aKNtuez1gvmAOnLtUA9Q==
expires
Sun, 11 Sep 2039 22:47:13 GMT
11BFk7eGdOL.css
images-na.ssl-images-amazon.com/images/I/
2 KB
1 KB
Stylesheet
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/11BFk7eGdOL.css?AUIClients/CVFAssets
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7

Request headers

Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 17 Sep 2019 01:03:16 GMT
content-encoding
gzip
age
9069146
x-cache
Hit from cloudfront
status
200
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
last-modified
Mon, 16 Oct 2017 21:31:50 GMT
server
Server
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
780ba686-1b06-4076-bf23-571fd7412ed6
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
1DEGI_A-pTNgzuPLlS1KzbklYP4GvjNcN9jjHFeqtKUmrpicMR_tpg==
expires
Fri, 29 Jul 2039 07:08:00 GMT
01bktdFFoyL.css
images-na.ssl-images-amazon.com/images/I/
214 B
617 B
Stylesheet
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/01bktdFFoyL.css?AUIClients/AuthenticationShowPasswordAssets
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
5ecf14a99f6350aee90b13d26693375b763a74ff1c9fdec14613858c075a976c

Request headers

Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 18 Sep 2019 00:41:09 GMT
content-encoding
gzip
age
2147457
x-cache
Hit from cloudfront
status
200
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
last-modified
Wed, 30 Nov 2016 23:21:01 GMT
server
Server
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
ce5e20cd-cdc4-4f45-9261-5643a1de8f91
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
DOhy44yZAB_VM32VjOG5B7iswzGJi1qvdK6ZHC-bddpc3oB4-tTV4A==
expires
Wed, 17 Aug 2039 19:27:46 GMT
fwcim._CB460999895_.js
images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/
406 KB
115 KB
Script
General
Full URL
https://images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/fwcim._CB460999895_.js
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4

Request headers

Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Sun, 26 Jan 2020 12:57:04 GMT
content-encoding
gzip
age
861965
edge-cache-tag
x-cache-703,/images/G/01/x-locale/common/login/fwcim
status
200
x-cache
Hit from cloudfront
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
surrogate-key
x-cache-703 /images/G/01/x-locale/common/login/fwcim
last-modified
Wed, 13 Feb 2019 17:16:46 GMT
server
Server
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
592946e2-3f08-47af-9712-f93f6ef627ec
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
CAVM2NjkLSco1gGx-2z7NMmWWQiv1b2F3KaznEIdPOZH7k8DxsaF_Q==
expires
Fri, 20 Jan 2040 18:02:11 GMT
e5079656a7614063a8b245699c409d82.jpg
opfcaptcha-prod.s3.amazonaws.com/
4 KB
5 KB
Image
General
Full URL
https://opfcaptcha-prod.s3.amazonaws.com/e5079656a7614063a8b245699c409d82.jpg?AWSAccessKeyId=AKIA5WBBRBBBTXKHVYV7&Expires=1580837596&Signature=eOeTm1t2ARiRMPrFjzlbNnSzPR8%3D
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.218.249.178 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-us-west-2-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
2a7401ab323df4089697ebed170976fd85e317d63a2e97155118e942e868566d

Request headers

Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Tue, 04 Feb 2020 17:28:18 GMT
Last-Modified
Wed, 18 Apr 2018 19:47:19 GMT
Server
AmazonS3
x-amz-request-id
171B5DAD8BA0B261
ETag
"3529a44f1ca8a23938e66a19f7f7edb5"
Content-Type
image/jpeg
Accept-Ranges
bytes
Content-Length
4586
x-amz-id-2
nsZ/7XIm7nJtM2vXohrxv7vOPU9Whe9o2Ys+CznsbehSwoPFS0ejUYp9VigvLKdMCvAydpdLTCE=
61ea4y7yPdL._RC%7C11IYhapguOL.js,614nPrPPL-L.js,21dmoxZTACL.js,012FVc3131L.js,31fv8bqHLoL.js,31ReKJl2X6L.js,51nK0kUyg2L.js,11+vNCgC1cL.js,01xMsWWFUQL.js,11KkQiUpBPL.js,113pP0Sfh0L.js,21auxuI+dRL.js...
images-na.ssl-images-amazon.com/images/I/
322 KB
100 KB
Script
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/61ea4y7yPdL._RC%7C11IYhapguOL.js,614nPrPPL-L.js,21dmoxZTACL.js,012FVc3131L.js,31fv8bqHLoL.js,31ReKJl2X6L.js,51nK0kUyg2L.js,11+vNCgC1cL.js,01xMsWWFUQL.js,11KkQiUpBPL.js,113pP0Sfh0L.js,21auxuI+dRL.js,01PoLXBDXWL.js,612Ozn6EcSL.js,01ezj5Rkz1L.js,01rpauTep4L.js,01WqdunfTRL.js_.js?AUIClients/AmazonUI
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
6f2daf6dd7dc46a716a5d29dc37efdf7d4f9469e799ae2cb2676b96a919ad68f

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Origin
https://amazon-support-4rcw.account-security-desk.su

Response headers

date
Sun, 26 Jan 2020 13:23:33 GMT
content-encoding
gzip
age
792284
edge-cache-tag
x-cache-531,/images/I/61ea4y7yPdL
status
200
x-cache
Hit from cloudfront
via
1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
surrogate-key
x-cache-531 /images/I/61ea4y7yPdL
last-modified
Fri, 18 Aug 2017 07:37:40 GMT
server
Server
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
cd9fb57c-67d8-4ef9-bb46-e9ce3a06ff38
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
fTUwLIQXyTJ8QlenewogIbLwItNWEDilXzd7SZ2sZ2ySRs-T7oax3A==
expires
Sat, 21 Jan 2040 13:23:33 GMT
21Tt8gNypzL.js
images-na.ssl-images-amazon.com/images/I/
8 KB
3 KB
Script
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/21Tt8gNypzL.js?AUIClients/CVFAssets
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
05f3fd014eb71d170ac53f79c1f33362dbf4faa88f182652a5c5ee76eb45791c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Origin
https://amazon-support-4rcw.account-security-desk.su

Response headers

date
Sun, 29 Sep 2019 18:15:37 GMT
content-encoding
gzip
age
2137438
x-cache
Hit from cloudfront
status
200
via
1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
last-modified
Fri, 09 Nov 2018 05:30:13 GMT
server
Server
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
82ef756d-2366-49ca-aa73-9032f56a61bb
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
uafIpyswBafMf4-IVSWGpqpReMqq2Iy6UeeTrQ1IXc5H_KPb0KjpfA==
expires
Thu, 04 Nov 2038 07:24:50 GMT
01KS7T7GX6L.js
images-na.ssl-images-amazon.com/images/I/
224 B
721 B
Script
General
Full URL
https://images-na.ssl-images-amazon.com/images/I/01KS7T7GX6L.js?AUIClients/AuthenticationShowPasswordAssets
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
777715db2e87e36d371ca4ae3b1eb78ca31b793056f7f347ab74f4caeda6508e

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Origin
https://amazon-support-4rcw.account-security-desk.su

Response headers

date
Mon, 18 Nov 2019 15:32:46 GMT
content-encoding
gzip
age
2077524
edge-cache-tag
x-cache-075,/images/I/01KS7T7GX6L
status
200
x-cache
Hit from cloudfront
via
1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
surrogate-key
x-cache-075 /images/I/01KS7T7GX6L
last-modified
Thu, 15 Dec 2016 00:24:12 GMT
server
Server
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
01b56bca-e49c-4082-9540-a372536b3fb6
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
zoNHjctJiOVTSc5H8pI6qOIDHGRXC0WRQB2TQzDbS7K_Sb3zoYDTdw==
expires
Sat, 12 Nov 2039 05:33:34 GMT
AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png
m.media-amazon.com/images/G/01/AUIClients/
27 KB
28 KB
Image
General
Full URL
https://m.media-amazon.com/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png
Requested by
Host: amazon-support-4rcw.account-security-desk.su
URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5

Request headers

Referer
https://images-na.ssl-images-amazon.com/images/I/61WWCPB3rAL._RC%7C01evdoiemkL.css,01K+Ps1DeEL.css,314JbT8lsyL.css,01kivkxD60L.css,11UGC+GXOPL.css,21LK7jaicML.css,11L58Qpo0GL.css,21Pd9HarLOL.css,01Xl9KigtzL.css,21ygesff1yL.css,019SHZnt8RL.css,01qy9K8SDEL.css,11vZhCgAHbL.css,21uiGhnhrlL.css,11WgRxUdJRL.css,01dU8+SPlFL.css,11iPn24GCWL.css,01SHjPML6tL.css,111-D2qRjiL.css,01QrWuRrZ-L.css,31Wkf2OUteL.css,01WOZ2JFQjL.css,01pVbSC-RPL.css_.css?AUIClients/AmazonUI
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 19 Sep 2019 00:53:26 GMT
via
1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
age
12001672
edge-cache-tag
x-cache-786,/images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013
status
200
x-cache
Hit from cloudfront
content-length
27972
surrogate-key
x-cache-786 /images/G/01/AUIClients/AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013
last-modified
Fri, 22 Sep 2017 00:23:19 GMT
server
Server
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=630720000,public
x-amz-ir-id
094b5905-7038-4989-8504-bc3e25578f1b
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
HECxAiiqpj1TYFVeABlmkYmBzXhtAlXtWpifz0nmyrph6mtTxKuQ5w==
expires
Tue, 13 Sep 2039 19:40:25 GMT
fwcim-pow.js
images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/
15 KB
6 KB
XHR
General
Full URL
https://images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/fwcim-pow.js
Requested by
Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/fwcim._CB460999895_.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.250.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-250-160.fra6.r.cloudfront.net
Software
Server /
Resource Hash
3cbadad0a7e9d4ebb3253136285af2d3af8f853c754dd2ca478c03007c256e5b

Request headers

Accept
*/*
Referer
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Origin
https://amazon-support-4rcw.account-security-desk.su
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Tue, 04 Feb 2020 15:10:15 GMT
content-encoding
gzip
age
8304
x-cache
Hit from cloudfront
status
200
access-control-allow-origin
*
last-modified
Mon, 23 Jul 2018 19:50:50 GMT
server
Server
content-type
application/x-javascript
via
1.1 c05282a87474a55ae2a8dd2aa77d1233.cloudfront.net (CloudFront)
cache-control
max-age=86400,public
x-amz-ir-id
30080106-dd30-40a7-889e-6f2b338d0182
x-amz-cf-pop
FRA6-C1
timing-allow-origin
https://www.amazon.com
x-amz-cf-id
_bvSz9GaVQp1y4j4UZ2fV3tuH-Ad3EQ3FKmum_X2z49MCIVQFMN4tQ==
expires
Fri, 23 Aug 2019 20:58:45 GMT
87508a2b-01dc-4bf6-98fb-ea5a37c9167b
https://amazon-support-4rcw.account-security-desk.su/
15 KB
0
Other
General
Full URL
blob:https://amazon-support-4rcw.account-security-desk.su/87508a2b-01dc-4bf6-98fb-ea5a37c9167b
Requested by
Host: images-na.ssl-images-amazon.com
URL: https://images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/fwcim._CB460999895_.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3cbadad0a7e9d4ebb3253136285af2d3af8f853c754dd2ca478c03007c256e5b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Content-Length
15662
Content-Type
application/javascript

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Amazon (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onformdata
  • object| onpointerrawupdate
  • number| aPageStart
  • boolean| __fwcimLoaded
  • object| fwcim
  • boolean| __fwcimShimProfileReady
  • object| pcv
  • object| jQuery16406801356504674683

4 Cookies

Domain/Path    Name / Value
amazon-support-4rcw.account-security-desk.su/    Name: AmazonSession    Value: f57775b5cb876d6c8cc331e1661713c8
.account-security-desk.su/    Name: AmazonSession    Value: f57775b5cb876d6c8cc331e1661713c8
amazon-support-4rcw.account-security-desk.su/login    Name: AmazonSession    Value: f57775b5cb876d6c8cc331e1661713c8
amazon-support-4rcw.account-security-desk.su/login/captcha    Name: AmazonSession    Value: f57775b5cb876d6c8cc331e1661713c8